CERBERUS/caddy
1
0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2026-05-13 17:26:46 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

admin: Enforce origin implicitly based on request headers

Browse source
This commit is contained in:
Matthew Holt 2026-02-11 09:52:56 -07:00
parent 47f3e8f8dc
commit 72ac479f5d
No known key found for this signature in database
1 changed files with 3 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
admin.go
View file

@ -849,7 +849,9 @@ func (h adminHandler) serveHTTP(w http.ResponseWriter, r *http.Request) {
}
}
if h.enforceOrigin {
_, hasOriginHeader := r.Header["Origin"]
_, hasSecHeader := r.Header["Sec-Fetch-Mode"]
if h.enforceOrigin || hasOriginHeader || hasSecHeader {
// cross-site mitigation
origin, err := h.checkOrigin(r)
if err != nil {